3.55. <AuthBy INTERNAL> Previous topic Parent topic Child topic Next topic

This clause allows you permanently pre-define how to reply to a request, depending only on the type of request. You can specify whether to ACCEPT, REJECT, IGNORE or CHALLENGE each type of request. The default behaviour is to IGNORE all requests.
The following result codes are recognised. They are not case sensitive, and may be embedded within a longer string:
This clause can be useful in a number of cases:
The RADIUS protocol does not define an accounting reject message. For accounting requests, REJECT and CHALLENGE are the same as IGNORE.
This example clause will ACCEPT all Access Requests, ACCEPT Accounting Starts and Stops, and REJECT everything else:
      AuthResult ACCEPT
      AcctStartResult ACCEPT
      AcctStopResult ACCEPT
      DefaultResult REJECT
<AuthBy INTERNAL> also supports a number of hooks. You can define a Perl hook to handle some or all requests. Requests that are not handled by a hook will be handled according to the result code defined for that type of request. Hooks are passed information about the request, and the hook is expected to return one of:
to indicate the result of the request. All hooks in <AuthBy INTERNAL> are passed the same arguments in this order:
<AuthBy INTERNAL> cannot be used to authenticate any EAP-TLS, TTLS or PEAP protocols directly, but it can be used in conjunction with AuthBy FILE to achieve the same thing:
      Identifier myinternal
      <AuthBy FILE>
            Filename %D/users
            EAPType TLS
and in the users file:
DEFAULT Auth-Type=myinternal
This has the effect of using <AuthBy FILE> to do the EAP authentication handling, certificates etc., and the <AuthBy INTERNAL> to just authenticate the user name.
<AuthBy INTERNAL> understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.26. <AuthBy xxxxxx>.